Fix session token issue

In _User collection a field _session_token is present and if you fetch
the user data form server, this field override the sessionToken saved
in your browser.

If you don't fetch the user, all request to server contain the right
sessionToken and if you fetch the user data from the server, all next
requests will contain the wrong sessionToken come form the
_session_token in user data fetched.

Author: Francis Lessard

src/RestQuery.js

@@ -415,6 +415,11 @@ function includePath(config, auth, response, path) {
     for (var obj of includeResponse.results) {
       obj.__type = 'Object';
       obj.className = className;
+
+      if(className == "_User"){
+        delete obj.sessionToken;
+      }
+
       replace[obj.objectId] = obj;
     }
     var resp = {

src/Routers/ClassesRouter.js

@@ -51,6 +51,11 @@ export class ClassesRouter {
         if (!response.results || response.results.length == 0) {
           throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.');
         }
+        
+        if(req.params.className === "_User"){
+          delete response.results[0].sessionToken;
+        }
+
         return { response: response.results[0] };
       });
   }

src/users.js

@@ -133,6 +133,9 @@ function handleGet(req) {
       throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
                             'Object not found.');
     } else {
+      if(req.params.className === "_User"){
+        delete response.results[0].sessionToken;
+      }
       return {response: response.results[0]};
     }
   });